China Court Judgment Document Case Search (Delilegal / 得理科技)

Warn. Audited by ClawScan on May 11, 2026.

Overview

This legal case-search skill is mostly purpose-aligned, but it disables HTTPS certificate checks while sending an API key and case materials to an external service.

Do not use this skill with a real API key or confidential case materials until TLS certificate verification is restored. If you proceed after that fix, use a limited API key, keep config.json private, and redact sensitive information before long-text matching.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A network attacker or intercepting proxy could impersonate the API endpoint, capture the Bearer API key or legal case text, or alter search results.

Why it was flagged

The helper sends requests to the external HTTPS API while disabling hostname and certificate verification, so the API server identity is not verified.

Skill content
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
Recommendation

Remove the custom SSL context and use default HTTPS certificate verification before sending API keys or case materials.

What this means

Anyone who can read the config file may be able to use or abuse the Delilegal API key.

Why it was flagged

The skill requires a provider API key stored in the skill directory; this is purpose-aligned, but it is sensitive account access and the registry metadata lists no primary credential.

Skill content
Authentication method: `Authorization: Bearer YOUR_API_KEY` ... put the API Key into the `config.json` file in the skill directory
Recommendation

Use a limited, revocable API key, do not share or commit config.json, and declare the credential requirement clearly in metadata.

What this means

Sensitive facts, names, or legal documents may leave the local environment and be processed by the provider.

Why it was flagged

The long-text workflow sends user-provided case materials to the external Delilegal API for semantic matching; this is disclosed and purpose-aligned, but legal materials may contain confidential or personal information.

Skill content
Long-text matching: supports uploading file contents for semantic matching to find similar cases
Recommendation

Confirm user consent before long-text matching, redact confidential details where possible, and review the provider’s data handling terms.

What this means

The agent may overpromise filtering capability or run commands that fail.

Why it was flagged

The reference examples instruct use of filtering flags such as --court, --from, --to, --cause, and --doc-type, but the included argparse setup only implements keyword/--long-text, page, size, and sort options.

Skill content
python3 scripts/search_cases.py "小产权房买卖" --court "深圳市中级人民法院" --from 2021-01-01 --to 2024-12-31 --cause "房屋买卖合同纠纷" --doc-type judgment
Recommendation

Align the documentation with the implemented CLI options or add the missing filter support.